Login Problems. =\

[wickedXxxxlegox]

Error Message: Parse error: syntax error, unexpected T_VARIABLE in /home/a1922355/public_html/checklogin.php on line 7

 

 

 

 

code:

<?php
include('includes/header.php')
?>
<?php
include('includes/db_connect.php')

$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 


$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


$count=mysql_num_rows($result);


if($count==1){


session_register("myusername");
session_register("mypassword"); 
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
?>

[Pikachu2000]

It is the exact same error, and the exact same problem as your last thread. Also, that looks remarkably like code from phpeasystep.com, and is about 10 years out of date.

[wickedXxxxlegox]

Excuse me sir, but have you read this forum's title?

[Pikachu2000]

Yes. What's your point?

[wickedXxxxlegox]

That it says "Third Party PHP Scripts" WHICH MEANS that I can use scripts from any other site I want and I can ask for help. And I can also tell you that it's not the same problem. I have a semicolon where I need it.

[Pikachu2000]

Did I say "don't post code you copied from another site here"? No, I didn't.

 

I'm telling you that code is garbage. Everything from phpeasystep.com is out of date, and on the verge of not working at all. In fact, if you use PHP 5.4 or higher, it won't work.

 

And you better look again, because you most certainly do not have line terminations where they're needed.

[wickedXxxxlegox]

Did I say "don't post code you copied from another site here"? No, I didn't.

 

I'm telling you that code is garbage. Everything from phpeasystep.com is out of date, and on the verge of not working at all. In fact, if you use PHP 5.4 or higher, it won't work.

 

And you better look again, because you most certainly do not have line terminations where they're needed.

 

Well, have any good login system tutorials?

[PFMaBiSmAd]

The phpeasystep code, rewritten to do something current, useful, and secure -

 

<?php
// checklogin.php
session_start();
// if already logged in, should not be on this page at all
if(isset($_SESSION['myusername'])){
header("location:login_success.php");
exit;
}
// check if the expected form submitted to this page
if(isset($_POST['Submit'])){
// settings
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// the above settings should generally be kept in a separate file and included where needed

// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect to database server");
mysql_select_db($db_name)or die("cannot select DB");

// condition inputs
$myusername=trim($_POST['myusername']);
$mypassword=trim($_POST['mypassword']);

// pretend you have some validation logic for the inputs here...

// remove php's magic_quote escaping, if needed
if(get_magic_quotes_gpc()){
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
}
// To protect MySQL injection (more detail about MySQL injection)
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die("Query failed: $sql<br />Error: " . mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
	// get the row from the result set
	$row = mysql_fetch_assoc($result);
	// set session variables (myusername and user id) and redirect to file "login_success.php"
	// note: there's no good reason to store the password in a session variable
	$_SESSION["myusername"] = $row['username']; // used for display purposes
	$_SESSION["user_id"] = $row['id']; // used for identification purposes
	header("location:login_success.php");
	exit;
} else {
	echo "Wrong Username or Password";
	// a real script would have the form submit to the same page and then display the form again if the wrong username/password was entered
}
}
?>

 

<?php
// login_success.php
session_start();
// check if logged in, if not go to the login form
if(!isset($_SESSION['myusername'])){
header("location:main_login.php");
exit;
}
?>
<html>
<body>
Login Successful
</body>
</html>

[Christian F.]

Xyph has a very good article in his signature, which I strongly recommend reading. It contains just about everything you need to know in order to create a secure login system.

 

I'd also like to mention that I'm strongly against manipulating the password by any means, including trim (). There may very well be someone who wants their passwords to start or end with a whitespace character, and by trimming it you're effectively invalidating it and reducing complexity.